No announcement yet.

Licensing Scheme

  • Filter
  • Time
  • Show
Clear All
new posts

  • Licensing Scheme

    Hey all!

    I'd like to create a licensing scheme that takes
    the following pieces of data and creates some
    sort of unlock code for my software.

    Company Name: ABC Company
    Software Expiration: 8-1-2000
    Records Purchased: 50,000

    I'd like the unlock code to be a fixed length
    unlock code that contains numbers and letters.
    Something like this:


    When a user "unlocks" their software with a key
    like the one above then it will display the 3 items
    of data contained in the key on my program splash

    I know a licensing scheme like this isn't perfect,
    but I just want to keep honest people honest (if
    you know what I mean).

    I'd appreciate anyone's input on the best way to
    accomplish this sort of licensing scheme or algorithm.
    Thanks in advance!


    Scott Wolfington

  • #2
    What I have done in the past is:

    Username: Greg Engle
    Company Name:
    Unlock Code: 6785-A345

    the unlock code is in the format XXXX-XXXX and the first set of
    XXXX is a CRC16 on the username and the second set of XXXX is
    a CRC of the company name. Now this is far from full proof and
    hackers have made serial number generators for one of my
    applications. I think a better way of doing this would be:

    Username: Greg Engle
    Company Name:
    Generate Serial Number: 213981237918237
    Unlock Code: 6785-A345

    you see now that I randomly generated a serial number that is
    needed when I register the application. The serial number is
    internal to the program and the user can't modify it (well
    it will slow a hacker down atleast)

    All these functions can be done with PowerBasic very easily and
    the CRC32 source code is available in the SOURCECODE forum.

    Hope that helps

    [email protected]


    • #3
      Hi Gregery,

      Thanks so much for your fast response. The CRC is interesting.
      Can you explain in a little more detail about what you're doing
      with the serial number? Does the serial number get generated
      when the user installs the software and thus it would be
      different everytime they install? Or, if they had to re-install
      their operating system, and re-install your software, will they
      get a new serial number? If so, then I'd like to stay away from
      the serial number idea because I've been down that route before.
      It can become a licensing nightmare once you have a lot of
      customers. It's amazing how often people re-install their
      OS's and software packages (when that happens they end up calling
      for a new unlock code).

      Thank again!

      Scott Wolfington


      • #4
        Scott --
        Long serial no. is enough uncomfortable for customers and enough dangerous (on next day you can see this ser. no on hackers' sites).
        I think, that it's better to use license files, which depends of customer's name and PC
        (BIOS' date, serial no. of HDD, CPU and so on).
        I prefer hardware electronic keys, but sometimes I use license file like alternative.
        In this case I do following ...
        I place all files in Internet and update releases enough often.
        If simply to download, a program doesn't work, because it needs a license file (or electronic key).
        Meanwhile I upload into Internet a special program.
        If customer prefers a license file, he should start this program on PC, where my program should stay.
        Utility collects information about PC and prepares "secret" file.
        Customer sends me money & "secret" file.
        On my PC I convert this secret file to the license file and send it back by E-Mail.
        Of course, sometimes users change PCes and need a new license file.
        Because I can't test, I "trust" customers.
        1) most of people are honest.
        2) in my case customers should pay every year.
        My experience shows that during an year I need to change 25% of license files maximum.
        Of course, if customer will require to change license file two times per day, I willn't beleive, but I didn't meet such things.



        • #5
          I have the same kind of problem to produce a large set of CD-ROM
          that need to be duplicated by the way of master duplication.
          There is a label on the CD-ROM box with the serial number key,
          (like Microsoft products).
          Then the user will have to enter his name and company name and the
          key number printed on the CD-ROM box.

          If you have a better idea I shall be glad to hear about it.
          But it must be usable with CD-ROM master duplication.

          Patrice Terrier
          mailto[email protected][email protected]</A>
          Patrice Terrier

          Addons: GDImage.DLL 32/64-bit (Graphic library), WinLIFT.DLL 32/64-bit (Skin Engine).


          • #6
            It's not that all of these suggestions aren't good, because they are VERY good...

            But when someone hits it at a register level and inserts a JMP over your function call, it just became licensed and registered...

            I found out the hard way, a crack was released for Winlog For Windows 98 long time ago...

            I'm liking the concept of crippleware more and more, because you can't crack what just isn't there..

            However, I have a nice little function that will check the day of install and compare it to how many days you allow the appliation to run..

            Email me if interested.


            mailto:[email protected][email protected]</A>
            Scott Turchin
            MCSE, MCP+I
            True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi


            • #7
              Hi Scott!

              Yeah, I understand where you are coming from. That's why
              I said in my first post that I just want to keep honest
              people honest. I'd love to check out the function you have.
              I'll email you now. Thanks again!

              Scott Wolfington


              • #8
                Originally posted by Scott Wolfington:
                Does the serial number get generated
                when the user installs the software and thus it would be
                different everytime they install?
                Well what I have done in the past to generate a serial number is
                open a file and randomly create 1024 bytes, a simple chr(rnd(...))
                should work fine, and then take a CRC32 of that file. Now I
                just put that file in the windows\system directory and if
                someone uninstalls my program and then reinstalls the serial
                number will stay the same. Unless of course they delete the
                file but if you set the same of the file back (in sourcecode forum)
                it will make it harder.

                [email protected]


                • #9

                  If I understand what you are after, the simplest and tidiest approach is
                  to probably make a key file for each registered customer that has their
                  name in it so it displays in the About box as a product registered to
                  either them or their company.

                  Any reasonable cracker can produce a key-generator that will do the job
                  of breaking your protection but it will deter many from giving out the
                  keyfile because it has their name in it.

                  There are many elaborate techniques for protecting EXE files and some
                  work better than others but at the crunch, they all can be broken by a
                  person who properly understands the workings of binary files. Trying
                  to bury junk in the registry is a flop, it is easy for a cracker to
                  track it during installation, serial number schemes are simple practice
                  for the kids in Softice so a more personal approach is probably better
                  for what you had in mind.

                  Regards & good luck.

                  [email protected]

                  hutch at movsd dot com
                  The MASM Forum - SLL Modules and PB Libraries



                  • #10
                    I consider three states for my programs:
                    1. No registration exists, Demo.
                    2. Incorrect registration exists, Crack.
                    3. Correct registration exists, Normal.

                    Demo mode runs with some limited functionality, but crack mode
                    appears normal, but gives randomly incorrect results (bugs).

                    It is far harder to accurately identify bugs than a message which
                    identifies the code as unregistered. I know of cases (another
                    company) where users called tech support for help with bugs,
                    (alerting the company of pirated software).


                    John Kovacich
                    Ivory Tower Software


                    • #11
                      Scott (and everybody else),

                      I guess the lengths you'd go to to try and avoid illegitimate copies depends on the price of the software and the number of potential buyers.

                      I do like key files myself, as they're easily distributed (small, very suitable for emailing). I include at the very least a name and authorization code, and then check in my code that these two match. Of course, some apps will let you display the piracy, as the registered name could be a fixed part of reports etc.

                      As for "hitting it at the registerlevel", that would take some doing. I sometimes use Shrinker from Blink, Inc ( ) to compress my exe whether that's needed or not, as it also renders the exe very difficult (probably not impossible) to disassemble. Also, if it's a small app, you could embed the key as a resource in the exe, and then run Shrinker on it. I admit to not being very knowledgable on the ins and outs of hacking techniques, but I imagine the hacker must be very determined to bother with a setup like that.

                      Works for me, anyway, but then I haven't written any really large audience apps. Most of what I do is very specialized, and of no general interest.

                      Just thought the Shrinker approach might be useful for some.




                      • #12
                        [Deleted - double post...]

                        [This message has been edited by Ketil Krumm (edited August 02, 2000).]


                        • #13

                          The downfall on EXE compressors is that when it loads in memory it
                          extracts the whole thing in memory so any hacker can just read
                          the contents of memory to get the info. Much debate on the
                          EXE compressors to begin with, personally I dislike them because
                          of the lack of performace.

                          [email protected]


                          • #14
                            Well i think the best way to protect valuable softwares is to use a dungle key.

                            Patrice Terrier
                            mailto[email protected][email protected]</A>
                            Patrice Terrier
                            Addons: GDImage.DLL 32/64-bit (Graphic library), WinLIFT.DLL 32/64-bit (Skin Engine).


                            • #15

                              I basically agree with you, but they do have their uses. I purchased Shrinker after having written an applet to search for Norwegian postal codes. It had to be completely free text search, and I wanted it as a single file (i.e. no separate data file etc.).

                              I embedded the data as an RCDATA resource in the EXE, which was then 3 MB+. After running Shrinker on it it was 300 KB+, and loaded a lot faster due to the reduction in disk file size (not to mention the improved performance when loading it over a LAN!). It provided just what I needed in this case, and the memory overhead for Shrinker is just 40 KB (or so they claim, I never tested it).

                              As for just dumping the memory content after decompression, I probably stand corrected. As I said, the ins and outs of hacking techniques never were my domain...



                              [This message has been edited by Ketil Krumm (edited August 02, 2000).]